Technologie 5G: Posouzení hrozeb a rizik implementace / The 5G Technology Nexus: Assessing Threats and Risks of Implementation

La Rosa, Giampaolo

January 2021

The new 5G technology, next generation of telecommunication and mobile network, is all around the world in course of inspection and inquiry for its astonishing novelty, from new services to functions and scalability. However, every technology brings alongside new possibilities and new threats scenarios, especially in this case where the impact on the present network is promised to be massive, with brand new features allowed by 5G, like Internet of Things, widespread virtualization and huge leap forward in rapidity and capability of the mobile transmission. An increase in the network surface, considered as more connections, more devices connected and more traffic load of data, will expand also the possible entry point and fault exploitable by a malevolent actor, raising common concern about the technology. The deployment of such a technology on European soil, especially in some states of the Union, caused uproar and critics primarily in the security field. Following a global trend, but also leading a best practice approach, the EU developed a series of mechanisms and agencies that are challenged to oversees the gradual shift from old 4G LTE to 5G. In this paper a Critical Information Infrastructure Protection (CIIP) framework is used to analyse the criticalities of the new technology. Definition of...

Identifying the critical success factors to improve information security incident reporting

Humphrey, Mike

January 2017

There is a perception amongst security professionals that the true scale of information security incidents is unknown due to under reporting. This potentially leads to an absence of sufficient empirical incident report data to enable informed risk assessment and risk management judgements. As a result, there is a real possibility that decisions related to resourcing and expenditure may be focussed only on what is believed to be occurring based on those incidents that are reported. There is also an apparent shortage of research into the subject of information security incident reporting. This research examines whether this assumption is valid and the potential reasons for such under reporting. It also examines the viability of re-using research into incident reporting conducted elsewhere, for example in the healthcare sector. Following a review of what security related incident reporting research existed together with incident reporting in general a scoping study, using a group of information security professionals from a range of business sectors, was undertaken. This identified a strong belief that security incidents were significantly under-reported and that research from other sectors did have the potential to be applied across sectors. A concept framework was developed upon which a proposal that incident reporting could be improved through the identification of Critical Success Factors (CSF’s). A Delphi study was conducted across two rounds to seek consensus from information security professionals on those CSF’s. The thesis confirms the concerns that there is under reporting and identifies through a Delphi study of information security professionals a set of CSF’s required to improve security incident reporting. An Incident Reporting Maturity Model was subsequently designed as a method for assisting organisations in judging their position against these factors and tested using the same Delphi participants as well as a control group. The thesis demonstrates a contribution to research through the rigorous testing of the applicability of incident reporting research from other sectors to support the identification of solutions to improve reporting in the information security sector. It also provides a practical novel approach to make use of a combination of CSF’s and an IRMM that allows organisations to judge where their level of maturity is set against each of the four CSF’s and make changes to strategy and process accordingly.

Cyber security

The global vulnerability discovery and disclosure system: a thematic system dynamics approach

Lewis, P S

23 October 2017

Vulnerabilities within software are the fundamental issue that provide both the means, and opportunity for malicious threat actors to compromise critical IT systems (Younis et al., 2016). Consequentially, the reduction of vulnerabilities within software should be of paramount importance, however, it is argued that software development practitioners have historically failed in reducing the risks associated with software vulnerabilities. This failure is illustrated in, and by the growth of software vulnerabilities over the past 20 years. This increase which is both unprecedented and unwelcome has led to an acknowledgement that novel and radical approaches to both understand the vulnerability discovery and disclosure system (VDDS) and to mitigate the risks associate with software vulnerability centred risk is needed (Bradbury, 2015; Marconato et al., 2012). The findings from this research show that whilst technological mitigations are vital, the social and economic features of the VDDS are of critical importance. For example, hitherto unknown systemic themes identified by this research are of key and include; Perception of Punishment; Vendor Interactions; Disclosure Stance; Ethical Considerations; Economic factors for Discovery and Disclosure and Emergence of New Vulnerability Markets. Each theme uniquely impacts the system, and ultimately the scale of vulnerability based risks. Within the research each theme within the VDDS is represented by several key variables which interact and shape the system. Specifically: Vender Sentiment; Vulnerability Removal Rate; Time to fix; Market Share; Participants within VDDS, Full and Coordinated Disclosure Ratio and Participant Activity. Each variable is quantified and explored, defining both the parameter space and progression over time. These variables are utilised within a system dynamic model to simulate differing policy strategies and assess the impact of these policies upon the VDDS. Three simulated vulnerability disclosure futures are hypothesised and are presented, characterised as depletion, steady and exponential with each scenario dependent upon the parameter space within the key variables.

Cyber security

Analyse des politiques publiques en matière d’adoption du cloud computing et du big data : une approche comparative des modèles français et marocain / Public policies analysis for cloud computing and big data adoption : comparative approach between French and Morrocan models

El Ouazzani, Saïd

10 June 2016

Notre recherche repose sur l’analyse des politiques publiques françaises et marocaines en matière d’adoption des technologies du Cloud Computing et du Big Data. Nous avons analysé ce que les Etats, français et marocain, font — ou ne font pas — pour faire face aux enjeux du numérique. Enjeux pour lesquels l’Etat doit apporter aujourd’hui des réponses politiques et techniques. En effet, l’Etat, dans une acception weberienne, voit sa représentation idéal-typique se modifier en un cyber-Etat qui a pour mission :— Assurer une souveraineté en développant des plateformes Cloud Computing nationales susceptibles de fournir les mêmes services que des plateformes étrangères ;— Développer des outils numériques du type Big Data articulés à des solutions « Cloud Computing » afin d’améliorer des services publics. — Développer et assurer la présence de l’Etat et de ses administrations dans le cyberespace ;— Mettre les outils du type Coud Computing au service de la sécurité nationale pour faire face aux dispositifs de cyber-renseignement étrangers.Dans un contexte de transformations profondes de la société induites par le numérique, l’Etat doit réaffirmer ses droits sur son propre territoire. En effet, le Net offre aux individus des possibilités de sociabilité croissantes à travers une «vie numérique» qui constitue une facette, un prolongement de la vie réelle. Cette vie numérique individuelle évolue en suivant les transformations de la technologie qui potentialisent la sociabilité en ligne et qui s’accompagnent de contraintes liées au traitement des données personnelles et font surgir des débats relatifs à la vie privée.Pour faire face aux risques sécuritaires, l’Etat français comme l’Etat marocain se sont dotés des instruments juridiques et techniques qui s’appuient précisément sur les technologies du Cloud Computing et du Big Data. L’arsenal juridique français s’est vu renforcé dernièrement par l’adoption successive et accélérée — sans débat national — de la Loi de programmation militaire (2014-2019) puis sur les lois anti-terroriste (2014) et sur le Renseignement (2015). Ces différents textes ont agité le débat politique en instillant une inquiétude grandissante relative au déploiement de dispositifs numériques de surveillance. Surveillance, ou cyber-surveillance, qui trouve sa légitimité dans la lutte contre le terrorisme en faisant, à chaque fois, référence à la notion de sécurité nationale, concept au contenu juridiquement flou et dépendant des autorités publiques. Notre travail couvre quatre axes principaux : 1- L’évolution de la conception même de l’Etat qui implique la mise en place de cyber-politiques publiques ainsi que le développement d’un cyber-secteur public, d’un cyber-service publique et également d’une évolution de la fonction publique elle-même.2- Les enjeux sécuritaires à l’ère du Cyber-Etat. Nous avons ainsi pu traiter des notions comme celles de cyber-sécurité, de cyber-souveraineté et de cyber-surveillance au sein du Cyber-Etat.3- Les enjeux liés au traitement des données personnelles au sein du Cyber-Etat et produites par les activités quotidiennes du cyber-citoyen.4- Les fondements techniques du Cyber-Etat : le Cloud Computing et et le Big Data. On pu être ainsi analysées techniquement ces deux technologies.C’est grâce à la collaboration avec des partenaires français et nord-américains : la Mairie de Boulogne Billancourt et les Engaged Public et CausesLabs que nous avons pu montrer, à travers une étude de cas, l’apport concret du Cloud Computing dans le cadre d’une collectivité locale française. Une expérimentation qu’il conviendra de suivre, si ce n’est développer, dans l’avenir. / Our research concerns the public policy analysis on how Cloud Computing and Big data are adopted by French and Moroccan States with a comparative approach between the two models. We have covered these main areas: The impact of the digital on the organization of States and Government ; The digital Public Policy in both France and Morocco countries ;The concept related to the data protection, data privacy ; The limits between security, in particular home security, and the civil liberties ; The future and the governance of the Internet ; A use case on how the Cloud could change the daily work of a public administration ; Our research aims to analyze how the public sector could be impacted by the current digital (re) evolution and how the States could be changed by emerging a new model in digital area called Cyber-State. This term is a new concept and is a new representation of the State in the cyberspace. We tried to analyze the digital transformation by looking on how the public authorities treat the new economics, security and social issues and challenges based on the Cloud Computing and Big Data as the key elements on the digital transformation. We tried also to understand how the States – France and Morocco - face the new security challenges and how they fight against the terrorism, in particular, in the cyberspace. We studied the recent adoption of new laws and legislation that aim to regulate the digital activities. We analyzed the limits between security risks and civil liberties in context of terrorism attacks. We analyzed the concepts related to the data privacy and the data protection. Finally, we focused also on the future of the internet and the impacts on the as is internet architecture and the challenges to keep it free and available as is the case today.

Cyber-État

Going cyber : the dynamics of cyber proliferation and international security

Smeets, Max

January 2017

For over a decade, we have heard alarming statements about the spread of cyber weapons from senior policymakers and experts. Yet, the dynamics of cyber proliferation are still under-studied and under-theorized. This study offers a theoretical and empirical account of what causes the spread and restraint of cyber weapons and argues that the world is not at the brink of mass cyber proliferation. Whilst almost forty states are exploring and pursuing the development of cyber weapons, I indicate that only few have so far acquired a meaningful capability. This is due both to supply and demand factors. On the supply-side, most states have a latent capacity to develop relatively simple offensive cyber capabilities, but are unable to develop sophisticated cyber weapons. Moreover, the incentives for knowledge transfer and thus exporting offensive cyber capabilities between states are weak. On the demand-side, I show that national security considerations do not provide the best explanation of variance. Instead, domestic politics and prestige considerations are paramount. Moreover, and unlike nuclear proliferation, I argue that it is not the possession of cyber weapons but the intention of possession signalled through visible initiatives which matters. Ultimately, I note that cyber weapons can have strategic value - but only under certain conditions.

Reliability Assessment of Smart Grid Considering Cyber-Power Interdependencies

Falahati, Bamdad

17 August 2013

Smart grid initiatives are becoming more and more achievable through the use of information infrastructures that feature peer-to-peer communication, monitoring, protection and automated control. The analysis of smart grid operation requires considering the reliability of the cyber network as it is neither invulnerable nor failure free. The objective of this dissertation is to categorize interdependencies between cyber and power networks and propose mathematical evaluation models to calculate the reliability of the power network when considering failures of the cyber network. This study categorizes interdependencies between cyber and power networks into direct and indirect. In this research direct interdependencies among cyber-power networks is studied and the concept of state mapping is proposed to map the failures in the cyber network to the failures of the power network. The impact of indirect interdependencies on the reliability of power system is different and more complicated than that of direct interdependencies. In this dissertation, various aspects of smart monitoring, as an application of indirect interdependency, are discussed and a mathematical model to assess its impact on power grid reliability is proposed. Based on a multiple-state Markov chain model, the failure and repair rates of power components with and without monitoring provisions are determined and compared. In addition, to model indirect interdependencies between cyber and power networks, the concept and formulations of state updating are proposed to update the probability of states due to failures in the cyber network. Furthermore, in order to evaluate the impact of both direct and indirect cyberpower interdependencies on the reliability indices, two optimization models are introduced to maximize the data connection in the cyber network and minimize the load shedding in the power network.

cyber network

reliability

Cyber-power interdependencies

CYBERWAR - Det virtuella kriget

Jusufovic, Almin

January 2014

Syftet med denna uppsats är bland annat att utforskabegreppet cyber-war. Cyber-attacker utgör stora hot mot infrastrukturen,datorstyrda system och nätverksbaserade tjänster, enligt tidigare forskning. Menhur hotfulla är dessa attacker egentligen? Ska vi frukta att framtida krig blirvirtuella? Kan en ond grupp av människor med några rader av kod få kontroll övervår nation? För att få en bättre förståelse och för att kunna svara på frågorna, harjag med hjälp av tidigare publicerade publikationer gjort en litteraturanalys.Analysen bygger på sammanställning och jämförelse av åtta olika publikationer.Enligt forskningen så tyder tecken på att cyber-war kan vara ett framtida hot. / The purpose of this paper is to explore the concept of cyber-war. Cyber-attacks pose major threats to infrastructure, computer systems and network-based services, according to previous research. But how threatening are these attacks? Should we fear that future wars will be virtual? Can a group of people with a few lines of code get control of our nation? To get a better understanding and be able to answer these questions, I have used previously published publications and have made a literature analysis. The analysis is based on a compilation and comparison of eight different publications. According to the research, cyber-war may be a future threat.

Cyber-war

Cyber-threat

Cyber-attack

Cyber-terrorism

Virtuella Attacker

Cyber krig

Virtuellt krig

Cyber war

Cyber threat

Cyber terrorism

Engineering and Technology

Teknik och teknologier

The global vulnerability discovery and disclosure system : a thematic system dynamics approach

Lewis, Paul Simon

January 2017

Vulnerabilities within software are the fundamental issue that provide both the means, and opportunity for malicious threat actors to compromise critical IT systems (Younis et al., 2016). Consequentially, the reduction of vulnerabilities within software should be of paramount importance, however, it is argued that software development practitioners have historically failed in reducing the risks associated with software vulnerabilities. This failure is illustrated in, and by the growth of software vulnerabilities over the past 20 years. This increase which is both unprecedented and unwelcome has led to an acknowledgement that novel and radical approaches to both understand the vulnerability discovery and disclosure system (VDDS) and to mitigate the risks associate with software vulnerability centred risk is needed (Bradbury, 2015; Marconato et al., 2012). The findings from this research show that whilst technological mitigations are vital, the social and economic features of the VDDS are of critical importance. For example, hitherto unknown systemic themes identified by this research are of key and include; Perception of Punishment; Vendor Interactions; Disclosure Stance; Ethical Considerations; Economic factors for Discovery and Disclosure and Emergence of New Vulnerability Markets. Each theme uniquely impacts the system, and ultimately the scale of vulnerability based risks. Within the research each theme within the VDDS is represented by several key variables which interact and shape the system. Specifically: Vender Sentiment; Vulnerability Removal Rate; Time to fix; Market Share; Participants within VDDS, Full and Coordinated Disclosure Ratio and Participant Activity. Each variable is quantified and explored, defining both the parameter space and progression over time. These variables are utilised within a system dynamic model to simulate differing policy strategies and assess the impact of these policies upon the VDDS. Three simulated vulnerability disclosure futures are hypothesised and are presented, characterised as depletion, steady and exponential with each scenario dependent upon the parameter space within the key variables.

005.8

Cyber security

Grave Consequences for Youths at the Hands of Cyber-bullying

Davidson, Stephanie

16 December 2009

Faculty of Criminology, Justice and Policy Studies

Youth

cyber-bullying

Approaching the teacher's cyber community: A study of a teacher writing teaching-journal in the blogspace

Yeh, Ming-cheng

25 July 2006

This is a complicated story. Since I involved the management of SCTNet, I have observed lots of phenomena of teachers¡¦cyber communities. It also extends my social-network, and getting acquainted with many teachers makes me to think about the meanings of teacher cyber community. The views of school-organisation, teachers¡¦ cultures, teacher professional development, educational technology and knowledge management from the literatures construct my comprehensions of teachers¡¦cyber community. But when blog arising, I try to understand: 1. How do teachers use blogs? 2. What do teachers write about in the blogs? And what¡¦s the connection between their daily lives and teaching works? 3. Rethinking how teachers¡¦ cyber community exercises and how it influences teachers. I chose one teachers¡¦blog site as my observation. Interviewing with the site manager Mr. Yu, his story represents the difficulty of advancing teachers¡¦cyber community. Secondly, I observed one of the site users, Ms. Ann, how she used the blog in a whole year. By way of interviewing, five main points were generalized from her teaching journal: blog as the source of teaching creation; the reflection of school routine activities; the assessment shadowed by the basic competence test; writing the student¡¦s anecdote and beginning to concern the life education; from the feedbacks of other internet friends, describing the interactions between Ms. Ann and her friends in order to represent the characteristics of online support group. Finally, according to Ms. Ann¡¦s story, I reflect my participating experiences of teachers¡¦cyber community and give the suggestions of the advancement of teachers¡¦cyber community in the future.

blog

teacher's cyber community